In the future there is an ongoing design to have a specific "log volume" defined on a per pod basis that will be respected by the system.

For now, the correct way is to use hostPath, but there's a catch - security. The reason why it failed to deploy is because users have to be granted the permission to access the host (for security reasons). You'll want to grant access to an SCC that allows host volumes to your service account (do "oc get scc" to see the full list, then "oadm policy add-scc-to-user NAME -z default" to grant access to that SCC to a named service account).